DEPARTMENT OF HOMELAND SECURITY
Office of Inspector General

U.S. Department of Homeland Security
Washington, DC 20528

Information Technology Management Letter for the FY 2007 Federal Law Enforcement Training Center Financial Statement Audit (Redacted)

Notice: The Department of Homeland Security, Office of Inspector General has redacted the report for public release. A review under the Freedom of Information Act will be conducted upon request.

OIG-08-70
June 2008


Appendix B

Federal Law Enforcement Training Center
Information Technology Management Letter
September 30, 2007

NFR #: FLETC-IT-07-16
Condition: Policies and Procedures over            Are Not Developed
Recommendation:
    • Finalize and implement the “FM 4300: IT System Security Program and Policy,” which provides policies for the use of            .
    • Finalize and implement the            hardening guide and hardening SOP.
    • Conduct a security inspection of the            installations by completing the FLETC            Security Checklist.
Risk Rating: Medium

NFR #: FLETC-IT-07-17
Condition: Background Investigations for Contractors are Not Consistently Performed
Recommendation:
    • Perform timely background checks on all new and existing contractors and ensure that supporting documentation be maintained.
    • Document the status of ongoing and completed background checks in a central repository with critical details about the investigation documented.
Risk Rating: Medium

NFR #: FLETC-IT-07-18
Condition:            Audit Logs Need Improvement
Recommendation:
    • Finalize and implement FM 4300: IT System Security Program and Policy, which provides policies for the review of audit logs.
    • Continue with the projected plan for decommissioning the            application and ensure that audit logs are maintained to capture actual or attempted unauthorized, unusual or sensitive application or operating system level access to
Risk Rating: Low

NFR #: FLETC-IT-07-19
Condition:            Password Configurations Need Improvement
Recommendation: This NFR was issued without a recommendation as it was remediated during the audit period.
Risk Rating: Low


Appendix D


Additional Information and Copies

To obtain additional copies of this report, call the Office of Inspector General (OIG) at (202) 254-4199, fax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.

OIG Hotline

To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal misconduct relative to department programs or operations:

    • Call our Hotline at 1-800-323-8603;
    • Fax the complaint directly to us at (202) 254-4292;
    • Email us at DHSOIGHOTLINE@dhs.gov; or
    • Write to us at:
      DHS Office of Inspector General/MAIL STOP 2600, Attention: Office of Investigations - Hotline, 245 Murray Drive, SW, Building 410, Washington, DC 20528.

The OIG seeks to protect the identity of each writer and caller.